A simple command line tool that can be used to check if any default users are installed in your database and, more importantly, whether those default users still have their default passwords set to known values.

Cain & Abel is a password recovery tool for Microsoft operating systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weaknesses present in protocol standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.
Cain & Abel has been developed in the hope that it will be useful for network administrators, teachers, security consultants/professionals, forensic staff, security software vendors, professional penetration testers and everyone else that plans to use it for ethical reasons. The author will not help or support any illegal activity done with this program. Be warned that there is the possibility that you will cause damages and/or loss of data using this software and that in no event shall the author be liable for such damages or loss of data. Please carefully read the license agreement included in the program before using it.

The latest version is faster and contains a lot of new features like APR (ARP Poison Routing), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocol authentication monitors and route extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security.

This little program is for auditing DNS: it will brute force a domain, asking for hostnames taken from a predefined list. The list has the most common names used for hosts. It supports hybrid queries to find a broader range of hosts.

IKECrack is an open source IKE/IPsec authentication crack tool. This tool is designed to brute-force or dictionary attack the key/password used with Pre-Shared-Key [PSK] IKE authentication. The open source version of this tool is to demonstrate proof-of-concept, and will work with RFC 2409 based aggressive mode PSK authentication.

The Ophcrack LiveCD is a bootable Linux CD-ROM containing Ophcrack 2.3 and a set of tables (SSTIC04-10k). It allows for testing the strength of passwords on a Windows machine without having to install anything on it. Just put it into the CD-ROM drive, reboot, and it will try to find a Windows partition, extract its SAM and start auditing the passwords.

This is an Expect script that will allow you to specify a host file, user file, and a dictionary. Extremely useful for auditing large networks where you can't manually log into every machine or don't feel like re-running something on every host.

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers the following items as some of the key features of this application:

- Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
- Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
- Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

THC presents a crypto paper analyzing the database authentication mechanism used by Oracle. THC further releases practical tools to sniff and crack the password of an Oracle database within seconds.
One of the network authentication modes used by Oracle databases uses a weak key exchange mechanism. This mechanism is still used on the newest database versions using Oracle's Java drivers. Also, for native Oracle drivers an attack is known to downgrade the authentication mode to the vulnerable version. The Orakelsniffert article documents the mechanism used by the weak authentication mode, the complexity and impact of the attack and an example of an attack in the field. A Windows based cracker and a simple Java based client application are included to verify the results. Also, a supporting crypto utility is released.

An extraordinarily powerful, flexible, and fast multi-platform password hash cracker. John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt password hash types which are most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes. Several other hash types are added with contributed patches.

RainbowCrack is a general purpose implementation of Philippe Oechslin's faster time-memory trade-off technique. In short, the RainbowCrack tool is a hash cracker. A traditional brute force cracker tries all possible plaintexts one by one at cracking time. It is time consuming to break a complex password in this way. The idea of the time-memory trade-off is to do all the cracking-time computation in advance and store the results in files, the so-called "rainbow tables". It does take a long time to precompute the tables. But once the one-time precomputation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of the precomputed tables.

MDCrack is a free, feature-filled password cracker designed to brute-force several commonly used hash algorithms at a very aggressive speed rate. It can retrieve any password made of up to 8 characters (16 for PIX algorithms) and 55 characters when salted. In order to achieve the highest possible speed rate, this program uses several cores for each algorithm it supports. Each one of these cores provides a different level of optimization designed to best fit a specific set of command line options. Whatever command line configuration is used, MDCrack will always arrange to use the best available core. To date, this program supports brute-force attacks on MD2, MD4, MD5, NTLMv1 and PIX (enable and users) hashes, and the list of algorithms is growing. Multithreading allows for parallel cracking and load sharing between several CPUs and multiplies overall speed by the number of available processor(s).

TXDNS is a Win32 aggressive multithreaded DNS digger that is capable of placing on the wire thousands of DNS queries per minute. TXDNS's main goal is to expose a domain namespace through a number of techniques:

- typos
- TLD rotation
- dictionary attack
- brute force

TXDNS may be used to:

- fill the reconnaissance gap left by DNS server hardening, as DNS zone transfers are very likely to fail;
- dig a given domain name for possible phishing variations based on common well-known typo algorithms and return DNS queries on both used and unused names.

Firefox uses a master password to protect the stored sign-on information for various websites. If the master password is forgotten, then there is no way to recover the master password and the user loses all the sign-on information stored in it. To prevent this problem, I have developed FireMaster, which uses a combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file.

FirePassword is a tool designed to decrypt the username and password list from the Firefox sign-on database. Firefox stores the username and password information for various websites in its database files. FirePassword works along similar lines to Firefox's built-in password manager, but it can be used as an offline tool to get the username/password information without running Firefox.

Venom is a tool to run dictionary password attacks against Windows accounts by using the Windows Management Instrumentation (WMI) service. This can be useful in those cases where the Server service has been disabled. The tool is written in VB6 and might require some additional runtime libraries to run. Guessing speeds vary, but tend to be around 45-50 guesses/sec. The password file supports the formats %USERNAME% and LC %USERNAME%, with the result of the username being used as the password. The prefix LC converts the username to lowercase.

VNCPwdump can be used to dump and decrypt the registry key containing the encrypted VNC password in a few different ways.

It supports dumping and decrypting the password by:
- dumping the current user's registry key
- retrieving it from an NTUSER.DAT file
- decrypting a command line supplied encrypted password
- injecting into the VNC process and dumping the owner's password

IPR is a tool for recovering passwords on Lotus Notes ID files. It does this by guessing passwords you supply in a dictionary file. It guesses approximately 400-500 passwords a second on a PIII 1 GHz. The tool should be used by administrators for finding weak passwords in user ID files.

Passloc is based on Adi Shamir's "Playing Hide and Seek with Encryption Keys" article, which suggests a way of locating keys within a buffer (memory, a large file, etc.). The Passloc tool accepts a file as input and returns a graphical plot of its content in which the most random part of the file is colored. The article suggests that, due to the random nature of long keys placed in non-random files, the human eye can easily distinguish the key given a sufficiently long file.